Updated TIC 3.0 Security Capabilities Catalog (SCC) to v3.2

The Cybersecurity and Infrastructure Security Agency (CISA) published the updated version of the Trusted Internet Connections (TIC) 3.0 Security Capabilities Catalog (SCC) version 3.2. The SCC was recently updated based on the new National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) Version 2.0 mapping updates. 

The TIC 3.0 SCC provides a list of deployable security controls, security capabilities, and best practices. The catalog is intended to guide secure implementations and help agencies satisfy program requirements within discrete networking environments. 

Further, the SCC helps agencies to apply risk management principles and best practices to protect federal information in various computing scenarios. The trust considerations presented in the TIC 3.0 Reference Architecture can be further applied to an agency’s implementation of a given use case to determine the level of rigor required for each security capability. In some cases, the security capabilities may not adequately address residual risks necessary to protect information and systems; agencies are obligated to identify and apply compensating controls or alternatives that provide commensurate protections. Additional collaboration with vendors is necessary to ensure security requirements are adequately fulfilled, configured, and maintained.

All new documents and other helpful reference materials, like frequently asked questions (FAQs) and trainings, can be found on the TIC homepage.  

###